- Survey Finds Nearly 70% of Organizations Leave Critical Vulnerabilities Unresolved for 24 Hours or More
- Managing vulnerability fog is a major challenge, as AI promises to make it easier for criminals to identify targets.
- Legacy zero-day and unpatched vulnerabilities remain a major cause of cybercriminal proliferation
More than two-thirds (68%) of organizations take more than 24 hours to address critical vulnerabilities, according to new research, which urges companies to improve their strategy when it comes to addressing threats.
A survey conducted by Swimlane highlighted how vulnerabilities remain a major danger for organizations; exposing them to data breaches, regulatory sanctions, and operational disruptions.
And the longer these vulnerabilities remain unaddressed, the greater the risk of exploitation; However, many teams struggle with inefficiencies that waste valuable time.
The challenge of vulnerability prioritization
37% of respondents cited a lack of accurate context as a major obstacle to prioritizing threats and 35% considered incomplete information to be the main culprit.
While 45% of organizations were found to employ a mix of manual and automated processes, the tools they rely on, such as cloud security posture management, endpoint protection, and web application scanners, They often fail to address the scale and speed of emerging threats.
Manual processes also pose a challenge, consuming up to 50% of workers’ time on vulnerability management tasks. More than half of the workers surveyed reported spending more than five hours a week consolidating and normalizing data from various sources.
Companies lose approximately $47,580 per employee each year due to manual tasks, said Michael Lyborg, CISO at Swimlane, and this heavy reliance on manual effort not only slows response times but also diverts attention from more strategic cybersecurity initiatives.
Despite these challenges, the report reveals that many organizations simply lack effective vulnerability management programs, with 73% of respondents expressing concern about facing sanctions for poor practices.
“Smarter prioritization and automation are no longer optional – they are essential to reducing vulnerabilities, preventing breaches, and ensuring ongoing compliance,” said Cody Cornell, co-founder and chief strategy officer at Swimlane.
“By combining intelligent automation with human expertise, vulnerability management teams gain the clarity they need to act decisively,” he added.
“Centralizing data and responding in real time is not a luxury – it is a business imperative that minimizes risk and frees up time to focus on the next challenge.”
